Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:o2oa:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | O2Oa (62d5cbea-34b6-5d98-aaf1-1b54ba7b0d0d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-7292 |
vulnerable | 2026-06-08 08:08:56.806743 |
o2oa NodeAgent NodeAgent.java syncFile improper authorization
MEDIUM (5.6)
A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-28T17:30:10.503Z
Updated: 2026-04-29T12:19:21.182Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7291 |
vulnerable | 2026-06-08 08:08:56.806275 |
o2oa URL Fetching FileAction.java FileAction server-side request forgery
MEDIUM (6.3)
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-28T17:15:11.154Z
Updated: 2026-04-28T18:34:51.456Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2074 |
vulnerable | 2026-06-08 07:55:16.492025 |
O2OA HTTP POST Request check xml external entity reference
MEDIUM (6.3)
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-07T04:02:06.652Z
Updated: 2026-02-23T09:29:26.009Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9737 |
vulnerable | 2026-06-08 07:47:09.679014 |
O2OA Personal Profile importmodel cross site scripting
LOW (3.5)
A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Published: 2025-08-31T16:32:06.032Z
Updated: 2025-09-02T15:13:53.061Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9736 |
vulnerable | 2026-06-08 07:47:09.678508 |
O2OA Personal Profile statement cross site scripting
LOW (3.5)
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Published: 2025-08-31T16:02:06.380Z
Updated: 2025-09-02T15:13:58.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9735 |
vulnerable | 2026-06-08 07:47:09.677963 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9734 |
vulnerable | 2026-06-08 07:47:09.677300 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9719 |
vulnerable | 2026-06-08 07:47:09.635086 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9718 |
vulnerable | 2026-06-08 07:47:09.634366 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9717 |
vulnerable | 2026-06-08 07:47:09.628701 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9716 |
vulnerable | 2026-06-08 07:47:09.628281 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9715 |
vulnerable | 2026-06-08 07:47:09.627704 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9683 |
vulnerable | 2026-06-08 07:47:09.534558 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9682 |
vulnerable | 2026-06-08 07:47:09.534038 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9681 |
vulnerable | 2026-06-08 07:47:09.533476 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9680 |
vulnerable | 2026-06-08 07:47:09.532797 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9659 |
vulnerable | 2026-06-08 07:47:09.474434 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9658 |
vulnerable | 2026-06-08 07:47:09.473762 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9657 |
vulnerable | 2026-06-08 07:47:09.473178 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9655 |
vulnerable | 2026-06-08 07:47:09.467924 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9646 |
vulnerable | 2026-06-08 07:47:09.452432 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.